Cleveland Federal Reserve Hacked

Malaysian Caught with 400K Stolen Cards
Cleveland Federal Reserve Hacked
A 32-year-old Malaysian man was arrested shortly after his arrival last month at John F. Kennedy airport in New York City. His crime? Authorities say he hacked into the Cleveland Federal Reserve Bank and several other computer systems, including a defense contractor.

Lin Mun Poo, a Malaysian national, faces a four-count indictment that charges him with hacking into computer systems and the possession of more than 400,000 stolen credit and debit card numbers.

"Cybercriminals continue to use their sophistication and skill as hackers to attack our financial and national security sectors," says Loretta Lynch, United States Attorney for the Eastern District of New York. Poo's arrest comes just a month after authorities arrested a big cyber crime gang in the U.S. and Europe for similar crimes.

When he arrived in New York on Oct. 21, he was arrested hours later by Secret Service agents. Poo, who is being held in pre-trial detention, "made a career of compromising computer servers belonging to financial institutions, defense contractors and major corporations, among others, and selling or trading the information," says Lynch.

'Massive Quantity' of Stolen Data

Before his arrest, Poo had planned to get additional stolen financial account information from other hackers. authorities say. When Secret Service agents seized his heavily encrypted laptop, they found it contained "a massive quantity" of financial account data and personal identifying information that Poo had allegedly obtained by hacking into computer systems.

The list of victims includes FedComp, a data processor for federal credit unions. With access to FedComp's computers, Poo had unauthorized access to the data of federal credit unions, including the Firemen's Association of the State of New York and the Mercer County New Jersey Teachers. Poo also is charged with breaking into computer servers of a number of major financial institutions and companies, including a computer network of the Federal Reserve Bank of Cleveland, Ohio, by exploiting a security vulnerability. The bank states Poo only broke into a test computer system and didn't access any sensitive information.

Security expert Avivah Litan, an analyst at Gartner, says while it isn't clear how Poo got in to the Federal Reserve's system, this hack "highlights the need for PCI enforcement at banks, including government banks -- not just at merchants and payment processors." She points out banks have always "wiggled out" of formal PCI data security enforcement and audits. "Merchants have been complaining about this lopsided effort for years," Litan says.

Defense Contractor Hacked

Poo's cybercrime spree, according to authorities, extended to the national security sector. Court filings show that in August 2010 he allegedly hacked into the computer system of a Department of Defense contractor that provides systems management for military transport and other operations, potentially compromising highly sensitive military logistics information.

Poo faces a maximum of 10 years if convicted on all charges.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network